Privacy Policy

Version 1.1.1 — March 16, 2026

§1. Data Controller

1.1. The data controller is Cybird Consulting Dariusz Ptaszek, Tax ID (NIP): 7343126589, address: Chmielna 2/31, 00-020 Warsaw, Poland, phone: +48 531 159 585, email: bzzt.zone@gmail.com (registered in CEIDG, the Polish business registry).

1.2. Contact for any privacy matter, data subject rights, or complaint: bzzt.zone@gmail.com.

§2. Scope

2.1. We process personal data in line with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA) for California residents, and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) where applicable, on the principle of data minimization.

2.2. The app is intended only for adults (18+).

§3. Data we process

3.1. Phone number — used for OTP verification.
3.2. First name, profile photo, date of birth, gender, preferences.
3.3. GPS location — foreground only, used to detect people nearby.
3.4. History of signals, sparks, pings, blocks, reports.
3.5. Marketing consents and push notification tokens.

§4. Legal bases (GDPR)

4.1. Art. 6(1)(b) GDPR — performance of a contract (profile, radar, signals).
4.2. Art. 6(1)(a) GDPR — consent (location, marketing).
4.3. Art. 9(2)(a) GDPR — sensitive data (gender preferences).
4.4. Art. 6(1)(f) GDPR — legitimate interest (safety, moderation).

§5. Location

5.1. Foreground only. Exact coordinates are never disclosed to other users.

5.2. Location data older than 15 minutes is ignored.

§6. Recipients

6.1. We do not sell personal data.

6.2. Processors: Supabase (Frankfurt, EU) — backend and database; Twilio (US) — SMS/OTP; Expo / 650 Industries (US) — over-the-air updates; Sentry (US) — crash reporting; Apple (US) — App Store distribution and push notifications.

§7. International transfers

7.1. Where data is transferred outside the EEA (e.g., to the US), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary measures where required.

§8. Retention

8.1. Profile: until account deletion. Location: 15 minutes (active). Signals/sparks: 30 days. Reports/blocks: 6 months. Backups: up to 30 days after deletion.

§9. Your rights

9.1. EU/EEA/UK (GDPR): access, rectification, erasure, restriction, portability, objection.

9.2. California (CCPA/CPRA): right to know, delete, correct, opt out of sale/sharing (we do not sell), and not be discriminated against for exercising these rights.

9.3. Canada (PIPEDA): access and correction of your personal information; right to file a complaint with the Office of the Privacy Commissioner of Canada.

9.4. Withdraw consent at any time without affecting the lawfulness of prior processing.

9.5. Right to lodge a complaint with your local supervisory authority. For Poland: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw.

9.6. To exercise any right, email bzzt.zone@gmail.com. We respond within 30 days (45 days for CCPA, extendable once).

§10. Security

10.1. TLS 1.3 in transit, JWT for auth, Row Level Security at the database layer, encryption at rest with our processor.

§11. Children

11.1. The app is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.

§12. Changes

12.1. We will notify users of material changes at least 14 days in advance via in-app notice or email.

§13. Contact

13.1. Email: bzzt.zone@gmail.com

13.2. Postal: Cybird Consulting Dariusz Ptaszek, Chmielna 2/31, 00-020 Warsaw, Poland.

Privacy Policy v1.1.1 effective as of March 16, 2026.

Cybird Consulting Dariusz Ptaszek
NIP: 7343126589